Privacy Policy

1. Introduction

Spike ("Spike," "we," "us," or "our") operates the website spike.ac, the application available at app.spike.ac, and the API available at api.spike.ac (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you register for an account, use the Service, or communicate with us. This includes:

• Account registration information: name, email address, and password.
• Billing information: payment method details processed through our third-party payment processor. We do not store complete credit card numbers on our servers.
• Form configuration data: form names, endpoint URLs, notification settings, webhook URLs, redirect URLs, allowed domains, auto-responder templates, and other settings you configure within the Service.
• Communications: any information you provide when contacting our support team, submitting feedback, or participating in surveys.

2.2 Form Submission Data

When end users submit forms that point to Spike endpoints, we collect and store the data contained in those submissions on your behalf. This data may include, but is not limited to, names, email addresses, phone numbers, messages, and any other fields included in the form. You, as the form owner, are the data controller for this submission data, and Spike acts as a data processor.

2.3 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

• Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: pages visited, features used, time spent on pages, click patterns, and referring URLs.
• Log data: server logs that record requests made to our Service, including timestamps, request methods, response codes, and user agent strings.
• Cookies and similar technologies: we use cookies, local storage, and similar tracking technologies to maintain session state, remember preferences, and analyze usage patterns. See Section 8 for more details.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service, including processing form submissions, sending email notifications, triggering webhooks, and delivering auto-responder emails.
• To create and manage your account, authenticate your identity, and provide customer support.
• To process transactions and send related information, including purchase confirmations, invoices, and billing alerts.
• To send administrative communications, such as service updates, security alerts, and changes to our terms or policies.
• To monitor and analyze usage trends, performance, and functionality of the Service to improve user experience.
• To detect, prevent, and address fraud, spam, abuse, security incidents, and technical issues.
• To enforce our Terms of Service and comply with applicable legal obligations.
• To respond to your inquiries, requests, and feedback.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

• Service providers: we share information with third-party vendors who perform services on our behalf, such as payment processing, email delivery, hosting, analytics, and customer support. These providers are contractually obligated to use your information only as necessary to provide their services to us and are bound by confidentiality obligations.
• Legal compliance: we may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
• Business transfers: in the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
• With your consent: we may share your information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your account information for as long as your account is active or as needed to provide you with the Service. Form submission data is retained in accordance with your account plan and settings. You may delete individual submissions or your entire account at any time through the Service dashboard.

Upon account deletion, we will delete or anonymize your personal information within thirty (30) days, except where we are required to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements. Backup copies may persist in our systems for up to ninety (90) days before being permanently purged.

6. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher.
• Encryption of sensitive data at rest using AES-256 encryption.
• Regular security assessments and vulnerability testing.
• Access controls limiting employee access to personal information on a need-to-know basis.
• Secure hosting infrastructure provided by reputable cloud service providers with SOC 2 compliance.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right of access: you may request a copy of the personal information we hold about you.
• Right to rectification: you may request that we correct any inaccurate or incomplete personal information.
• Right to erasure: you may request that we delete your personal information, subject to certain legal exceptions.
• Right to restriction: you may request that we restrict the processing of your personal information in certain circumstances.
• Right to data portability: you may request a copy of your personal information in a structured, commonly used, and machine-readable format.
• Right to object: you may object to the processing of your personal information for direct marketing purposes or where processing is based on legitimate interests.
• Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at privacy@spike.ac. We will respond to your request within thirty (30) days, or such shorter period as may be required by applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with the Service. The types of cookies we use include:

• Essential cookies: required for the operation of the Service, including session management and authentication. These cookies cannot be disabled.
• Analytics cookies: used to collect information about how visitors use the Service, including which pages are visited most often and whether users receive error messages. This information is used to improve the Service.
• Preference cookies: used to remember your preferences and settings, such as language and display preferences.

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service. We do not use cookies for advertising or cross-site tracking purposes.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms where required.

10. Children's Privacy

The Service is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@spike.ac.

11. Third-Party Links

The Service may contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, disclose, and sell.
• The right to request deletion of your personal information.
• The right to opt out of the sale of your personal information. We do not sell personal information.
• The right to non-discrimination for exercising your CCPA rights.

To exercise your rights under the CCPA, please contact us at privacy@spike.ac.

13. European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information on the following legal bases:

• Performance of a contract: processing necessary to provide the Service to you.
• Legitimate interests: processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
• Consent: processing based on your explicit consent, which you may withdraw at any time.
• Legal obligation: processing necessary to comply with applicable laws and regulations.

You may lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last updated" date. For material changes, we may also send you an email notification. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Spike
Email: privacy@spike.ac
Website: spike.ac